Hacking

As
a private individual you're unlikely to attract the attention of hackers. The
one thing you have to watch out for is the arrival of a trojan program that tries
to take over your computer. It's still pretty rare, but the risk is increasing
month by month.

What hackers
do

In theory, people
who try to breach computer security should be called crackers rather than
hackers. But the popular press has lost the distinction between the two,
and I'm not going to make life difficult by trying to resurrect it.

So, hackers, as popularly
defined, are computer experts who spend enormous amounts of time trying
to breach the security of networks, Web servers and email servers. Usually
they use a selection of specialist software to identify weaknesses, which
are then exploited.

The majority do it for fun
and as a challenge. They're not interested in attacking private individuals. It's
the big companies and authorities they go for.

There are just two aspects
of hacking that you have to worry about as a private individual. One is that your
details are on various company databases, and when these are cracked, information
about you can be stolen.

There's not a lot you can
do about this, and it definitely happens from time to time. The good news is that
you won't finish up with any financial liability if your credit card details are
discovered. Your credit card company and the company that was cracked will sort
it out between themselves. It's unlikely that you'll even know it happened.

The second problem is that
serious hackers need to protect their anonymity. This means they can't mount their
attacks on organisations like the FBI directly through their own computers and
telephone lines. They need first to create an intermediary, like a kind of base
camp for a mountain expedition.

To get their intermediate
base they use purpose built programs called trojans and backdoors. A trojan is
a program that looks innocent but carries a dangerous payload, like the Trojan
Horse of Greek mythology. It may be disguised as a game or some other kind of
executable program, in the same way that viruses are often disguised.

The payload it carries is
a backdoor program (or maybe just a few lines of code that create a security hole
so a backdoor program to be installed later). A backdoor program allows the hacker
access to your computer whenever it's on the Internet. It's a remote control,
and usually a very thorough one with full access to every facility and file on
your computer.

Again, in the popular press the distinction between a
trojan and a backdoor (or more specifically the client element of a backdoor program)
has been lost and the two are often used interchangeably. (Glossary).

It's obviously important
to avoid getting a backdoor program inside your computer. The best way is to use
a competent virus protection program. Most of these will stop trojans and backdoors
getting through.

Don't rely on secure procedures
as a method of stopping hackers. They sometimes fire programs over the Internet
at a random IP addresses to see if they stick. You could be happily surfing Disneyland,
and from nowhere (certainly not the Web site server) a hacking program can turn
up at your machine trying to get in.

Once it's inside, it will
send a message back to the hacker to say it's colonized your computer. It may
also send a message each time you log on to the Internet, because it's likely
you'll be given a different IP address by your ISP each time you log on.

If your machine behaves
strangely and you think you've got a parasitic backdoor (it's a bit like
somebody else having a remote keyboard for the same computer) manually
unplug the phone line to break the connection and get yourself a top virus
protection program. Don't reconnect that machine to the Internet (not
even to collect email) until you're sure it's clean.

The exception is if
you run a permanent (always-on) Internet connection, especially a broadband
cable connection or DSL. Hackers just love to colonise these connections
because they're so useful. If you've got one of these you must install
extra security. Your service provider will be aware of the risk and should
offer you advice on what kind of security you need.

A good start is to install
a firewall. There's a free one that's easy to use called ZoneAlarm, available
from ZDNet.It's also recommended for users of regular modems who want
to improve their security.